
fixes #31: ability to delete users (for admins)

Davide Alberani 7 years ago
parent
commit
d8e6a8cd5b
3 changed files with 19 additions and 5 deletions
  1. 8 1
      ibt2.py
  2. 2 2
      monco.py
  3. 9 2
      src/Users.vue

+ 8 - 1
ibt2.py

@@ -479,7 +479,14 @@ class UsersHandler(BaseHandler):
         if id_ is None:
             return self.build_error(status=404, message='unable to access the resource')
         if not self.has_permission(id_):
-            return
+            return self.build_error(status=401, message='insufficient permissions: must be admin')
+        if id_ == self.current_user:
+            return self.build_error(status=401, message='unable to delete the current user; ask an admin')
+        doc = self.db.getOne(self.collection, {'_id': id_})
+        if not doc:
+            return self.build_error(status=404, message='unable to access the resource')
+        if doc.get('username') == 'admin':
+            return self.build_error(status=401, message='unable to delete the admin user')
         howMany = self.db.delete(self.collection, id_)
         if id_ in self._users_cache:
             del self._users_cache[id_]
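Review bot: The guard `doc.get('username') == 'admin'` protects only the account whose username is exactly that string, so any other account holding admin rights can still be deleted by another admin, and the guard would stop applying if a username can ever be changed (not visible here). If that is the intended policy, state it next to the check, e.g. `# only the built-in 'admin' account is undeletable; other admin accounts can be removed`. The three refusals added here also answer 401 although the caller is already authenticated; 403 is the status for "authenticated but not allowed", e.g. `return self.build_error(status=403, message='insufficient permissions: must be admin')`. The method's signature and the rest of its body are outside the hunk, so how `has_permission` treats a non-admin acting on their own id cannot be confirmed from here.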

+ 2 - 2
monco.py

@@ -296,8 +296,8 @@ class Monco(object):
         :param force: force the deletion of all documents, when `_id_or_query` is empty
         :type force: bool
 
-        :returns: how many documents were removed
-        :rtype: int
+        :returns: dictionary with the number or removed documents
+        :rtype: dict
         """
         if not _id_or_query and not force:
             return
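Review bot: The new `:returns:` line has a typo ("number or removed") and the documented `:rtype: dict` does not cover the early bare `return` right below the docstring, which yields None when `_id_or_query` is empty and `force` is false. I would write `:returns: dictionary with the number of removed documents, or None when nothing was deleted` and `:rtype: dict or None`. Callers such as the `howMany = self.db.delete(...)` line in ibt2.py then know they may receive None. The rest of the method is outside the hunk, so the keys of the returned dictionary cannot be confirmed from here.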

+ 9 - 2
src/Users.vue

@@ -10,6 +10,7 @@
                         <md-table-row>
                             <md-table-head>Username</md-table-head>
                             <md-table-head>Email</md-table-head>
+                            <md-table-head v-if="loggedInUser.isAdmin">Delete</md-table-head>
                         </md-table-row>
                     </md-table-header>
                     <md-table-body>
@@ -22,6 +23,11 @@
                             <md-table-cell>
                                 {{user.email}}
                             </md-table-cell>
+                            <md-table-cell v-if="loggedInUser.isAdmin">
+                                <md-button class="md-icon-button" @click="deleteUser(user._id)">
+                                    <md-icon>delete</md-icon>
+                                </md-button>
+                            </md-table-cell>
                         </md-table-row>
                     </md-table-body>
                 </md-table>
@@ -71,11 +77,12 @@ export default {
         },
 
         deleteUser(userId) {
-            this.usersUrl.update({id: userId}).then((response) => {
+            this.usersUrl.delete({id: userId}).then((response) => {
                 return response.json();
             }, (response) => {
-                this.$refs.dialogObj.show({text: 'unable to delete the user'});
+                this.$refs.dialogObj.show({text: 'unable to delete the user: ' + response.body.message});
             }).then((data) => {
+                this.getUsers();
             });
         }
     },
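Review bot: In the last hunk the rejection handler of `deleteUser` reads `response.body.message` without checking that a body is present; on a network failure or a non-JSON error response this would show "undefined" or, if `body` is null, throw inside the handler so the dialog never appears. A guarded form would be `const msg = (response.body && response.body.message) || 'unknown error';` followed by `this.$refs.dialogObj.show({text: 'unable to delete the user: ' + msg});`. Separately, the new delete button in the second hunk calls `deleteUser(user._id)` on a single click with no confirmation step, which is worth adding for an irreversible admin action. The `v-if="loggedInUser.isAdmin"` checks only hide the control, so the server-side permission check in ibt2.py remains the actual enforcement point.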